apache

3,096 tracked vulnerabilities.

CVE-2020-9495 MEDIUM
Apache Archiva < 2.2.5 - LDAP Injection via Login Form
Jun 19, 2020
CVSS 5.3
EPSS 0.08
CVE-2020-11969 CRITICAL
Apache TomEE 1.0.0-1.7.5, 7.0.0-M1-7.0.7, 7.1.0-7.1.2, 8.0.0-M1-8.0.1 - Unauthenticated JMX Access
Jun 15, 2020
CVSS 9.8
EPSS 0.04
CVE-2020-11980 MEDIUM
Apache Karaf < 4.2.9 - Server-Side Request Forgery via MLet getMBeansFromURL
Jun 12, 2020
CVSS 6.3
EPSS 0.02
CVE-2020-11975 CRITICAL NUCLEI
Apache Unomi < 1.5.1 and 1.5.2-1.5.3 - Remote Code Execution via OGNL Scripting
Jun 05, 2020
CVSS 9.8
EPSS 0.30
CVE-2020-1963 CRITICAL
Apache Ignite < 2.8.0 - Unauthenticated Arbitrary File Access via H2 SQL Functions
Jun 03, 2020
CVSS 9.1
EPSS 0.05
CVE-2020-1956 HIGH KEVNUCLEI
Apache Kylin 2.3.0-2.6.5 and 3.0.1 - OS Command Injection via RESTful API
May 22, 2020
CVSS 8.8
EPSS 0.97
CVE-2020-9484 HIGH NUCLEI
Apache Tomcat < 7.0.108 - Insecure Deserialization
May 20, 2020
CVSS 7.0
EPSS 0.57
CVE-2020-1955 CRITICAL
Apache CouchDB 3.0.0 - Missing Authentication for Critical Function via Misconfiguration
May 20, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-1960 MEDIUM
Apache Flink 1.1.0-1.10.0 - Man-in-the-Middle Attack via JMXRMI Registry Rebinding
May 14, 2020
CVSS 4.7
EPSS 0.01
CVE-2020-1941 MEDIUM
Oracle Flexcube Private Banking - Cross-Site Scripting
May 14, 2020
CVSS 6.1
EPSS 0.06
CVE-2020-11973 CRITICAL
Apache Camel 2.22.0-2.25.0 and 3.0.0-3.1.0 - Deserialization of Untrusted Data via Netty
May 14, 2020
CVSS 9.8
EPSS 0.07
CVE-2020-11972 CRITICAL
Apache Camel 2.22.0-2.25.0 and 3.0.0-3.1.0 - Deserialization of Untrusted Data via RabbitMQ Java Deserialization
May 14, 2020
CVSS 9.8
EPSS 0.06
CVE-2020-11971 HIGH
Apache Camel 2.22.0-3.1.0 - Rebind Flaw in JMX
May 14, 2020
CVSS 7.5
EPSS 0.14
CVE-2020-1945 MEDIUM
Apache Ant 1.1-1.9.14 and 1.10.0-1.10.7 - Information Disclosure and Arbitrary File Write via Temporary Directory
May 14, 2020
CVSS 6.3
EPSS 0.02
CVE-2020-1939 CRITICAL
Apache NuttX apps 6.15-8.2 - NULL Pointer Dereference in ftpd
May 12, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-1961 CRITICAL
Apache Syncope < 2.0.15 and < 2.1.6 - Server-Side Template Injection via Mail Templates
May 04, 2020
CVSS 9.8
EPSS 0.05
CVE-2020-1959 CRITICAL
Apache Syncope < 2.1.6 - Unauthenticated Remote Code Execution via Java EL Expression Injection
May 04, 2020
CVSS 9.8
EPSS 0.05
CVE-2020-9482 MEDIUM
Apache NiFi Registry 0.1.0-0.5.0 - Insufficient Session Expiration
Apr 28, 2020
CVSS 6.5
EPSS 0.03
CVE-2020-9481 HIGH
Apache Traffic Server 6.0.0-6.2.3, 7.0.0-7.1.9, 8.0.0-8.0.6 - Resource Consumption via HTTP/2 Slow Read
Apr 27, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-1952 CRITICAL
Apache IoTDB 0.8.0-0.8.2 and 0.9.0-0.9.1 - Unauthenticated Remote Code Execution via JMX Port
Apr 27, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-9488 LOW
Apache Log4j 2.0-2.12.2, 2.13.0 - Improper Certificate Validation in SMTP Appender
Apr 27, 2020
CVSS 3.7
EPSS 0.08
CVE-2020-9489 MEDIUM
Apache Tika < 1.24.1 - Denial of Service via Crafted File in Multiple Parsers
Apr 27, 2020
CVSS 5.5
EPSS 0.03
CVE-2020-1964 CRITICAL
Apache Heron 0.20.0-incubating-0.20.2-incubating - Remote Code Execution via YAML Deserialization
Apr 16, 2020
CVSS 9.8
EPSS 0.05
CVE-2020-1927 MEDIUM
Apache HTTP Server 2.4.0-2.4.41 - URL Redirection to Untrusted Site via Encoded Newlines
Apr 02, 2020
CVSS 6.1
EPSS 0.57
CVE-2020-1958 MEDIUM
Apache Druid 0.17.0 - Authentication Bypass and Information Disclosure via LDAP User Search
Apr 01, 2020
CVSS 6.5
EPSS 0.05